Addon: Kata

Homepage: https://katacontainers.io/
From MicroK8s version: 1.22+
Supported arch: amd64

Kata Containers, is used to build a secure container runtime with lightweight virtual machines that feel and perform like containers, but provide stronger workload isolation using hardware virtualization technology as a second layer of defense. You can enable kata support with:

microk8s enable kata

The addon adds the kata runtimeClassName that allows you to specify what workloads should be started in Kata containers. For instance, the following manifest starts nginx in a Kata container:

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   labels:
  5.     app: kata
  6.   name: nginx-kata
  7. spec:
  8.   runtimeClassName: kata
  9.   containers:
  10.     - name: nginx
  11.       image: nginx

By default the addon will install the Kata runtime via the kata-containers snap. Alternatively, you can set the path of the where kata runtime is installed using the --runtime-path argument. The path you provide should include the kata-runtime binary:

  1. microk8s enable kata --runtime-path=/path/to/runtime

On multi-node clusters the microk8s enable addon has to be called on each node so that the kata runtime gets enabled ont the desired nodes.

Last updated 15 hours ago. Help improve this document in the forum.